Working from home is not complicated. Most of us do so now and again. Accessing an internet connection is easy enough, and cloud office suites and SaaS applications make it seamless to transition from working at the office to doing so on the couch in your living room. But most organizations will not have supported so many employees working remotely, and employees themselves may be a little out of practice in observing best practices when working from home.
So now is definitely the time to review and enhance security around remote access to corporate data, at both ends of the connection.
Here are tips for secure remote working for employees, and for their employers.
Best practices for employees
We naturally tend to be more relaxed at home, especially when it comes to security. After all, we’re in the safety of our own homes, so what could go wrong? Unfortunately, cyber criminals are seeking to exploit exactly this sort of complacency with carefully-engineered phishing exploits and threats.
Here is some advice for employees:
- Pay attention to passwords: It’s a good idea to review and strengthen passwords that you use for logging onto remote resources, such as email or work applications.
- Be phishing-aware: Be wary of clicking on links which look in any way suspicious, and only download content from reliable sources that can be verified.
Remember that phishing schemes are a form of social engineering, so if you receive an email with an unusual request, check the sender’s details carefully to make sure that you are communicating with colleagues, not criminals. Research teams have uncovered that domains related to coronavirus are 50% more likely to be malicious, so make sure to cast a critical eye over anything unexpected that pops into your mailbox.
- Choose your device carefully: Many employees use their company computer or laptop for personal use, which can create a security risk. The risk is even greater if you use a personal computer for work purposes. If you have to use a home or personal computer for work, talk to your IT team about how to strengthen security – for example, by adding a strong anti-virus and security package to it.
- Who’s listening in?: Does your home wi-fi network have a strong password, or is it open? Make sure it is protected against anyone within range being able to access and connect to the network.
Best practices for employers
This guide should serve as a starting point for organizations, whether their apps and data are stored in data centers, public clouds or within SaaS applications:
- Trust no one: Your entire remote access plan has to be built using the mindset of zero trust, where everything must be verified and nothing should be assumed. Make sure that you understand who has access to what information – segmenting your users and making sure that you authenticate them with multi-factor authentication. Additionally, now is the time to re-educate your teams so that they understand why and how to access information safely and remotely.
- Every endpoint needs attention: In a typical scenario, you might have people working on desktops inside the office. Assuming that their devices aren’t going home with them, you now have a slew of unknown devices which need access to your corporate data.
- You have to think ahead about how to handle the threats posed by data leakage or attacks propagating from a device into your network. You also need to ensure that the overall security posture of devices is sufficient.
- Stress-test your infrastructure: In order to incorporate secure remote access tools into your workflows, it’s critical to have a VPN or an SDP. This infrastructure must be robust and should be stress-tested to ensure that it can handle a large volume of traffic, as your workforce shifts gears to work from home.
- Define your data: Take the time to identify, specify and label your sensitive data, in order to prepare for policies that will make sure that only the appropriate people can access it.
- Make no assumptions about previous data management, and take a granular approach which will serve you well once remote access is fully enabled. No one wants to accidentally provide the entire organization with access to HR.
- Segment your workforce: Run an audit of your current policies relating to the access and sharing of different types of data. Re-evaluate both corporate policy and your segmentation of the teams within your org, so that you can rest assured that you have different levels of access which correlate with the various levels of data sensitivity.
These cornerstones of remote access security will help organizations better protect their data and networks against threats and interception at both ends of the connection.